M&S is hoping to put the fallout from the cyber attack that hit its business earlier this year to bed by August, its CEO Stuart Machin told its AGM yesterday.

Speaking to shareholders, Machin said by next month the retailer hopes to have put the “vast majority” of disruption from the cyber incident behind it, meaning that by August customers will “see the true M&S,” he said.

“Fully on” by August

Having first hit the retailer over the Easter weekend, the cyber attack crippled M&S’ operations, forcing its to shut down IT systems, scrambling the flow of goods to stores and prompting it to pause ecommerce orders for over six weeks. The incident, which has been linked to cyber crime group Scattered Spider, also saw customer data compromised, although it is understood that no financial information or card details were stolen.

The cost of disruption is expected to amount to a £300million hit to the retailer’s profits this year.

M&S started taking web orders again in June, however 50% of ecommerce operations, including click-and-collect, are yet to come back online. However, it expects its digital operations to to be fully restored within four weeks.

“Currently, half of online is open but not areas like click and collect. Within the next four weeks we are hoping for the whole of online to be fully on,” Machin said.

A “sobering” reminder of chinks in the armour

The hack at M&S was just one in a series of cyber attacks targeting retailers in recent months, with Co-op, Harrods, Adidas, The North Face and Cartier all experience incidents of varying degrees.

Phil Swain, CISO at Extreme Networks, said the scale of recent retail cyber attacks was a “sobering” wake-up call that even the most established retailers are vulnerable. “Recent breaches show how quickly things can unravel when vulnerabilities are exploited,” Swain said.